Multiple Identity Management in an Electronic Commerce Site

ABSTRACT

In electronic commerce (e-commerce) sites that are executed on a single e-commerce application, a user&#39;s session is only associated with a single user identity for e-commerce site domain. Acting under a single identity across the site may not be desired. There may be requirements to associate an individual user with one or more separate identities within parts of the site. Aspects of the invention provide a method, system and computer program product for managing multiple user identities for a user of an electronic commerce (e-commerce) site. The method comprises defining the e-commerce site as one or more security domains; and in response to a user&#39;s request to invoke an operation of the e-commerce site: determining a one of the one or more security domains to which the operation relates; performing one of a) creating a session and b) reusing a session for the user automatically in accordance with the determined security domain, said session associated with a user identity and a role indicating privileges for invoking operations of the e-commerce site in at least the determined security domain; and persisting said session for reuse. The user&#39;s request may be received in association with one or more sessions persisted for the user and a one of the sessions selected in accordance with the determined security domain. In response, either a session may be created or reused. Persisting may comprise providing one or more cookies defining the session to the user for associating with a subsequent request. In accordance with a feature of this aspect, the e-commerce site may define each of the one or more security domains as a hierarchy of organizations and assets owned by the organizations and the determining a one of the one or more security domains to which the operation relates may comprise evaluating the user&#39;s request in accordance with the hierarchy.

FIELD OF THE INVENTION

The present invention relates to application operation and development,more particularly, to managing multiple identities for a user of anelectronic commerce site.

BACKGROUND OF THE INVENTION

Electronic commerce (e-commerce) relates to the electronic performanceof transactions for goods or services. One component of e-commerceapplication operation is security, particularly user security. Securityenables a user of the e-commerce application to be authenticated andprovided permission to invoke certain functions of the e-commerceapplication while preventing certain functions from invocation by userswho cannot be authenticated or who do not have a required permission.One aspect of user security is identity management which distinguishesindividual users and associates an individual user's identity with theuser's requests and activities during an e-commerce session.

E-commerce applications are typically made available to users via anetwork such as the Internet at an Internet site or domain defined byone or more universal resource locators (URLs). Pages identified by URLsfor the site may be browsed by a user with a client browsing application(web browser) that requests the pages from one or more servers hostingthe site. E-commerce functions may be invoked by the user to initiateand conclude e-commerce transactions via the web browser.

Browsing purely in accordance with the hyper text transfer protocol(HTTP) of the Internet is stateless: a previous user request to a sitehas no bearing on a current user request to the site. To maintain astate between an HTTP client and a server, a piece of data known as acookie is used. The cookie is issued by the server to the client. Toidentify itself to the server on a subsequent request, the clientbrowsing application submits the cookie as part of a subsequent requestheader. From information in the cookie the server can identify theclient, thus maintaining a state across requests.

Cookies are a popular means of managing user sessions in e-commercesites. When a user visits a site or authenticates to a site, a cookie isissued to the user to identify the user to the site for the life of theuser's session (e.g. until the user closes the web browser or invokes alogoff function on the site).

Within an Internet domain, one or more security domains may be definedusing a collection of related URLs and a user may be assigned the sameprivileges throughout a particular security domain. For the Internetdomain shop.ibm.com, the following is an example of two securitydomains, one for each of store A and store B and where . . . representsany string of characters like a wildcard placeholder:

-   -   i) URLs matching the pattern http://shop.ibm.com/ . . . ? . . .        &storeId=A& . . . .    -   ii) URLs matching the pattern http://shop.ibm.com/ . . . ? . . .        &storeId=A& . . . .        One or more security domains may be used to define an e-commerce        shopping mall, e-commerce hosting site, e-commerce marketplace,        or other place where online business is conducted. The        aggregation of all the security domains in an e-commerce site is        called the composite security domain.

In e-commerce sites that are executed on a single e-commerceapplication, a user's session is only associated with a single useridentity for the composite security domain. Acting under a singleidentity across security domains may not be desired. There may berequirements to associate an individual user with one or more separateidentities within each security domain or subset of security domainsthat form a composite domain. For example, if a user is browsing twoindependent stores at an Internet site and has added items to the user'sshopping cart in both stores, it may be desired that the business logicof the e-commerce application only displays the shopping cart associatedwith the one store that the user is currently browsing. If the userwants to be treated under a common identity in two hosted stores but adifferent identity under a third store, the business logic to achievethis result is very complicated.

Gathering statistics of user activities at a particular store is mucheasier to perform with user identities that are only associated with theparticular store than with user identities that are associated withmultiple hosted stores. Merchants choosing to have their store in ahosted shopping mall often do so for reasons of affordability, sharingprocessing resources with other merchants to reduce costs. Oneconsequence is that these merchants share their user's customer accountsamong all the stores in the shopping mall. If a hosted store desires tomove to its own e-commerce site, migration of customer accounts,including individual shopping carts and orders, may be very difficult orcostly if the accounts and carts are shared with other stores.

As such, an identity management architecture which addresses some or allof these shortcomings is desired.

SUMMARY OF THE INVENTION

The invention is directed to multiple identity management in anelectronic commerce site. In accordance with an aspect of the invention,there is provided a method for managing multiple user identities for auser of an electronic commerce (e-commerce) site. The method comprisesdefining the e-commerce site as one or more security domains; and inresponse to a user's request to invoke an operation of the e-commercesite: determining a one of the one or more security domains to which theoperation relates; performing one of a) creating a session and b)reusing a session for the user automatically in accordance with thedetermined security domain, said session associated with a user identityand a role indicating privileges for invoking operations of thee-commerce site in at least the determined security domain; andpersisting said session for reuse.

The requested operation may be invoked in association with the useridentity and role of said session. Further, the session may compriseinformation indicating at least one of: the user preference's forinvoking operations at the e-commerce site; the user's preferences forinvoking operations at least the determined security domain; and asecurity signature for authenticating the session information.

As a feature of the present aspect, the method may comprises evaluatingthe requested operation to determine an operation type and wherein saidstep of performing is performed in accordance with the operation type.

The user's request may be received in association with one or moresessions persisted for the user and a one of the sessions selected inaccordance with said determined security domain. One of creating andreusing a session may then be performed in response to said selecting.

As a further feature, the user identity may be associated with anidentity type for permitting the invocation of operations and the methodmay comprise receiving the user's request in association with one ormore sessions persisted for the user and retrieving a user identity forthe determined security domain from said one or more sessions. One ofcreating and reusing a session may the be performed in response to theidentity type of the retrieved user identity.

One or more cookies defining the session to the user may be provided forassociating with a subsequent request. The cookies may comprise anauthentication cookie and a session cookie; and the method compriseauthenticating the user's request.

In accordance with another feature of this aspect, the method furthercomprises defining each of the one or more security domains as ahierarchy of organizations and assets owned by the organizations; anddetermining a one of the one or more security domains to which theoperation relates comprises by evaluating the user's request inaccordance with the hierarchy.

Another aspect of the invention provides a computer program producthaving a computer readable medium tangibly embodying computer executablecode for managing multiple user identities for a user of an electroniccommerce (e-commerce) site defined using one or more security domains.The computer program product comprising code for, in response to auser's request to invoke an operation of the e-commerce site,determining a one of the one or more security domains to which theoperation relates; performing one of a) creating a session and b)reusing a session for the user automatically in accordance with thedetermined security domain, said session associated with a user identityand a role indicating privileges for invoking operations of thee-commerce site in at least the determined security domain; andpersisting said session for reuse.

There is further provided a system for managing multiple user identitiesfor a user of an electronic commerce (e-commerce) site defined using oneor more security domains. The system comprises an identity managercomponent configured to, in response to a user's request to invoke anoperation of the e-commerce site: determine a one of the one or moresecurity domains to which the operation relates; perform one of a)creating a session and b) reusing a session for the user automaticallyin accordance with the determined security domain, said sessionassociated with a user identity and a role indicating privileges forinvoking operations of the e-commerce site in at least the determinedsecurity domain; and persist said session for reuse.

Other aspects and features of the present invention will become apparentto those ordinarily skilled in the art upon review of the followingdescription of specific embodiments of the invention in conjunction withthe accompanying figures.

BRIEF DESCRIPTION OF THE DRAWINGS

In the figures which illustrate an example embodiment of this invention:

FIGS. 1A, 1B, 1C and 1D schematically illustrate respective exemplarye-commerce market models, namely, a shopping mall site, a hosted storesite, a multiple go to market site and a marketplace site, embodyingaspects of the invention;

FIG. 2 schematically illustrates a portion of a computer system, namelya memory, embodying aspects of the present invention;

FIG. 3 illustrates a state diagram modeling an aspect of the presentinvention shown in FIG. 2;

FIG. 4 illustrates a further state diagram modeling an aspect of thepresent invention shown in FIG. 2;

FIG. 5 illustrates in flowchart form operations of an aspect of theinvention shown in FIG. 2.

DETAILED DESCRIPTION

The following detailed description of one or more embodiments of thepresent invention does not limit the implementation of the invention toany particular computer programming language. The present invention maybe implemented in any computer programming language provided that the OS(Operating System) provides the facilities that may support therequirements of the present invention. A preferred embodiment isimplemented in the Java computer programming language (or other computerprogramming languages in conjunction with Java). Any limitationspresented would be a result of a particular type of operating system orcomputer programming language and would not be a limitation of thepresent invention.

In accordance with the present invention, there is provided a techniquefor managing multiple identities for a user in an e-commerce site. Aspreviously noted, one or more security domains may be used to definevirtual places where online business is conducted, examples of which aredepicted in FIGS. 1A, 1B, 1C and 1D (FIGS. 1A-1D). FIGS. 1A-1D depict anexemplary e-commerce shopping mall site, e-commerce hosted stores site,e-commerce multiple go to market site and e-commerce marketplace site,respectively. Though not illustrated, in accordance with an aspect ofthe invention, each of the sites is implemented by a networked computersystem including a server having one or more CPUs and a memoryconfigured with computer instructions (i.e. applications and data) inaccordance with a further aspect of the invention as described hereinbelow. Throughout the description herein, an embodiment of the inventionis discussed with aspects of the invention embodied on a sole computingdevice. As will be appreciated by those of ordinary skill in the art,aspects of the invention may be distributed amongst one or morenetworked computing devices which interact via one or more data networkssuch as, for example, the Internet. However, for ease of understanding,aspects of the invention have been embodied in a single computingdevice.

The computer instructions/applications stored in the memory and executedby the CPU (thus adapting the operation of the computer system asdescribed herein) are illustrated in functional block form in FIG. 2. Aswill be appreciated by those of ordinary skill in the art, thedelineation between aspects of the applications illustrated asfunctional blocks in FIG. 2 is somewhat arbitrary as the variousoperations attributed to a particular application as described hereinmay, in alternative embodiments, be subsumed by another application.

FIG. 2 illustrates the memory configured in accordance with the presentinvention for providing an e-commerce site, such as those of FIGS.1A-1D, including a manager for managing multiple identities for a userof the site. Briefly, FIG. 2 illustrates memory 200, which may compriseone or more of both volatile and persistent memory for the storage of:operational instructions for execution by the CPU, data registers,application storage and the like. Memory 200 preferably includes acombination of random access memory (RAM), read only memory (ROM) andpersistent memory such as that provided by a hard disk drive (all notshown).

As illustrated, for exemplary purposes only, memory 200 stores OS 202,communications suite 204, e-commerce application server (EAS) 206adapted with multiple identity manager (manager) 208 and a plurality ofcookies 210, 212 for assigning a user identity and role to a uservisiting a security domain defined by EAS 206 as discussed furtherherein below.

OS 202 is an operating system suitable for operation with the CPU of thecomputer system and the operations described herein. Multitasking,multithreaded OSes such as, for example, IBM AIX™, Microsoft Windows NT™(NT is a bit dated it is better to use Microsoft Windows 2000), Linux orthe like, are expected in many embodiments to be preferred.Communication suite 204 provides, through, interaction with OS 202 and anetwork interface (not shown) of the computer system, suitablecommunication protocols to enable communication with other networkedcomputing devices via a network (also not shown) such as the Internet.Communication suite 204 may include one or more of such protocols suchas TCP/IP, Ethernet, token ring and the like.

Also stored in memory 200 and incorporating aspects of the presentinvention is EAS 206 adapted by manager 208. In the exemplaryembodiment, EAS 206 provides substantially all of the functionalityneeded to establish the e-commerce site including each electronic storeand to carry out buying and selling over the Internet. This includesstoring product catalog information provided by sellers or distributors,accepting requests for information from prospective user purchasers, andaccepting and processing orders. The electronic store typically includesa collection of Web pages which describe a sellers' product offeringsand which include on-line forms allowing users to place orders as isknown to those skilled in the art. As earlier stated, though EAS 206 isshown stored in memory 200 of a single computer system, it is understoodto persons skilled in the art that components of EAS 206 may be storedon additional computer systems networked with the computer system havingmemory 200.

Unlike conventional EASs, EAS 206 is adapted to have a multiple identitymanagement capability via a manager 208. That is, EAS 206 is adapted toprovide e-commerce operations to a user in association with multipleidentities managed by manager 208 for one or more security domainsdefined for the e-commerce site of EAS 206.

FIG. 1A illustrates an exemplary e-commerce shopping mall site 100defined by an e-commerce application such as EAS 206 comprising aplurality of stores on one site where users can shop. Typically, usersare recognized by e-commerce application 204 adapted by multipleidentity manager 208 and given the same privileges for all the stores inthe mall 100. Thus the mall 100 has one security domain. Organizations110 (depicted as ovals), may own or otherwise control otherorganizations 110, users 112 (depicted as cubes) and/or stores 104(depicted as pyramids). Stores 104 comprise a set of related URLs andmay be assigned a store identifier (ID), that is represented in the URLby the parameter storeId. Thus the set of URLs that belong to a store104 for a particular Internet domain matches the patternhttp://<Internet domain name>/ . . . ? . . . & storied=x& . . . , wherex is the ID of the store 104. In this mall 100 all the stores 104 formone security domain. Thus from the depiction in FIG. 1A, if the mall 100is hosted on the site “shop.ibm.com”, then the three URL patternshttp://shop.ibm.com/ . . . ? . . . &storeId=A& . . . ,http://shop.ibm.com/ . . . ? . . . &storeId=B& . . . , andhttp://shop.ibm.com/ . . . ? . . . &storeId=C& . . . form one securitydomain.

Typically, e-commerce sites can cost many millions of dollars to setupand maintain. Merchants who cannot afford their own online store orthose who chose otherwise have the alternative of using a hosted storesite that hosts multiple independent stores. An alternative exemplarye-commerce site, namely an e-commerce hosted store site 120, shown inFIG. 1B, comprises a plurality of stores 122, 124, 126, 128 and 130executing within a single e-commerce application such as EAS 206. FIG.1B depicts each hosted store 122 and 124 being owned by its ownrespective hosted organization 132 and 134. All hosted organizations 132and 134 are in turn owned by the Hosted Seller Org 136. For the creationand management of the hosted organization and its hosted store themanagement store (Mngt Store) 126 is used.

Running the hosted site 120 in a single e-commerce application 206 isdesirable as it has a number of advantages:

-   -   i) Running many small stores in a single application is more        likely to make efficient use of processor time than a single        small store.    -   ii) Stores can share common resources such as web pages and        product catalogs.    -   iii) Maintenance costs for many stores in a single application        are much less than having one store per application.

In FIG. 1B, store A 122 and store B 124 each have their own securitydomain. The Mngt store 126 also has its own security domain.

FIG. 1C illustrates a further alternative site configuration, namely anexemplary e-commerce multiple go to market site 140 executing in asingle e-commerce application such as EAS 206. Each independent seller(e.g. A, B and C) has its own store 142, 144, and 146 and top-levelorganization 148, 150 and 152, (i.e. SellerA, SellerB, and SellerC).These seller organizations 148, 150 and 152 are owned by a common parentorganization 154, namely, B2C Org. This site configuration 140 is verysimilar to the hosted store site 120 of FIG. 1B. However, thate-commerce site model 120 is extended in this configuration 140 as asingle seller (e.g. A) is able to sell customized products in variousspecialty stores 156 and 158. For example, a seller may have a generalpurpose store, a store targeting infant needs, a store targeting women'sapparel, a store targeting bargain hunters, etc. These specialty storesare each be owned by a separate organization which in turn is owned byone of the top-level seller organizations. SellerA 148 in FIG. 1C is anexample of such a top-level seller organization. In this example, storeA 142 is the general purpose store, while store X 156 and store Y 158are specialty stores, targeting niche markets.

In a multiple go to market model such as exemplary configuration 140, aspecialty store constitutes its own security domain. For example, ashopper who registers to store X 156 is not granted any privileges instore A 142 or store Y 158. However, a top-level organization and itssub-organizations can together form a security domain when privilegesare assigned at the top-level organization level. For example, a shopperwho registers to store A 142 is granted privileges in stores A, X and Y(142, 156 and 158).

FIG. 1D illustrates another exemplary e-commerce site, namely e-commercemarketplace site 160 executing in a single e-commerce application 206,such as EAS 206 where resellers offer their items for sale inindependent stores to the general public. However, unlike the hostedstore site 120 of FIG. 1B, in this model 160 resellers purchase productsfrom various distributors via a marketplace store. The distributors onlysell their goods to resellers and not to the general public.

Each reseller (e.g. A and B) has their own store 162 and 164 andorganization 166 and 168. The reseller organizations 166 and 168 areowned by a top level organization 170, namely, Reseller Org. Themarketplace store, referenced as channel store 172 is owned by theorganization, Channel Org 174. There are two types of distributorsdepicted in the model. These are hosted distributors 176 and proxydistributors 178. Hosted distributors 178 have their stores (e.g. 180)hosted on the site 160 and under the organization Distributor Org 182.Proxy distributors 178 have an independent site (not shown) but use aproxy store (e.g. 184) under a proxy organization 186 to bridge theconnection between the resellers and the independent distributor stores.

There are many security domains illustrated in FIG. 1D. Each resellerstore (162, 164) has its own security domain. Channel store 172 isanother security domain. All the distributor proxy organizations 186form a security domain. And finally, all distributor organizations 182define a further independent security domain.

In accordance with the invention, manager 208 assigns one of three typesof privileges to users within a security domain. These are guest,registered, and administrative. Guest privileges are assigned to userswho have a temporary relationship with the security domain. Registeredprivileges are assigned to users who have a permanent relationship withthe security domain but do not have any administrative privileges withinthat domain. Administrative privileges are assigned to users who have apermanent relationship with the security domain and have the ability toperform administrative management operations within the domain. As usersnavigate the e-commerce site and request particular operations, manager208 may assign different or additional types of privileges as describedfurther below.

Typically, users with guest privileges can perform a limited set ofoperations in a security domain, e.g. browsing the catalog, placing anisolated order, etc. If a user intends to do various e-commercetransactions in a store over a period of time, there may be a benefit tohaving a permanent relationship with the security domain by obtainingregistration privileges. In this way, the user can later authenticate tothe security domain and view his order history, address book, etc.Security domains may be configured to only allow users with registeredprivileges to access the store's assets, e.g. catalog, address book,etc. Users with administrative privileges can perform managementoperations such as resetting a the password of a user within thesecurity domain.

Access control roles are used to distinguish the type of privileges auser has within a security domain. A user with guest privileges has noaccess control role within the security domain. A user with registeredprivileges has a single access control role within the domain known asthe Registered Customer role. Users with administrative privileges mayhave one or more administrative roles within a security domain.

FIGS. 1A-1D each depict a tree-like hierarchy of organizations, storesand users where users and stores may only be leaf nodes of the tree. Asdepicted in FIGS. 1A-1D, organizations are used to group stores.Organizations only have one owner, known as their parent organization,but may own many organizations, known as the descendant organizations.Organizations own assets. One such asset is a store. Each store is ownedby a single organization, however an organization may own multiplestores. Stores do not own other stores.

Access control roles are associated with organizations. A user thatplays a particular role in an organization, also plays the role in anyof that organization's descendant organizations and assets. A userassigned a role for a particular organization grants to the user rightsto a subset of URLs associated with the organization's stores.

Organizations are used to define the scope of a security domain. Sinceorganizations are hierarchical in nature, the security domain can bedefined as encompassing an organization and its descendants. Thus a useris granted the same set of privileges for assets owned by anorganization and all its descendants.

To support multiple identities in a composite security domain, a personmay be assigned one user ID per security domain or subset of securitydomains. There are three types of user IDs within a security domain.These are generic, guest, and registered. The generic type is a singleuser ID shared throughout the security domain. The main purpose for thistype of user ID is performance and scalability. The guest type is anunique temporary user ID assigned to a user for the life of the user'ssession within a security domain. The registered type is an uniqueidentity that is reusable across sessions within a security domain. Auser ID that is of the registered type for a particular security domainmust have an access control role within the security domain. Aregistered type user ID may be shared across security domains, by havingan access control role in each domain. However, a generic ID or guestuser ID cannot be shared across domains.

When a user invokes an operation in a security domain, a determinationis made as to whether the type of the current user ID to perform theoperation is appropriate. This does not necessarily mean that the userID has the required privileges to perform the operation. If theoperation being invoked will not result in a resource being associatedwith the user, for example, displaying a product page, then a generic,guest, or registered identity is sufficient. If the operation willresult in a resource being associated with a user, then the guest orregistered identity is sufficient. An operation such as adding an itemto a shopping cart will result in a item resource being associated withthe identity. If the operation requires the user to have a permanentrelationship with the security domain, then the user ID must be of theregistered type.

If the type of user ID is not sufficient for invoking an operationwithin a security domain the user ID type may be switched to a moreappropriate type. Manager 208 maintains user types for a particularuser, as the user navigates the e-commerce site and requests operationsvia commands. FIG. 3 is a state diagram that illustrates states andtransitions 300 for maintaining user types within a security domain asperformed by manager 208

Operation of manager 208 may be understood with reference to anexemplary shopping session by a user at a store such as store A 122 ofFIG. 1B. Store A 122 corresponds to a security domain. A typicalshopping scenario and the corresponding state transition is outlinedbelow as may be further understood with reference to FIG. 3:

-   -   1) A user opens a client browser and accesses the store front        page of the e-commerce site 120 sending an HTTP request to        invoke a command on EAS 206. In response, manager 208 assigns        the user (i.e. the client browser) the generic user identity        (State 302).    -   2) A product display page of site 140 is accessed via a command        through the client browser and an item is selected for placement        in a shopping cart as a potential product to purchase. The        command requires an user identity type other than generic. Thus        manager 208 creates a unique guest user identity and assigns it        to the client browser, transitioning to state 304.    -   3) The user registers to store A 122 via a command. Manager 208        creates and assigns a unique registered user identity to the        client browser, transitioning to state 306.    -   4) When the user logoffs store A 122, manager 208 transitions to        state 302 and assigns a generic user identity to the browser.    -   5) When the user closes its client browser, the cookies are        cleared from the client browser memory.

In the exemplary embodiment of the invention, cookies are used to managethe various user IDs when a user invokes operations on a securitydomain. Two cookies are used for each user ID: an authentication cookieand a session cookie.

Authentication Cookie

The authentication cookie is used to authenticate the user on everyrequest to the security domain. In the exemplary embodiment, theauthentication cookie comprises two parts:

-   -   i) A user ID associated with the client browser (i.e. user) for        the particular security domain. Each authentication cookie has a        unique user ID.    -   ii) A one-way hash of the user ID, a timestamp unique to this        user ID and an encryption key unique to the composite security        domain. The timestamp associated with the user ID is persisted        by manager 208, for example using memory 200, for subsequent        confirmations of the user as a security and integrity measure.

Manager 208 verifies the authentication cookie on every request made bythe client. Manager 208 first strips the security ID from the cookievalue and constructs a one-way hash using the same algorithm describedabove. The new constructed hash string is compared to that in the cookievalue, only if they match is the cookie considered valid.

User Session Cookie

The user session cookie contains session information for a particularsecurity domain. For every authentication cookie there is an equivalentuser session cookie. The user session cookie comprises four parts:

-   -   i) The user ID associated with this session.    -   ii) User preferences such as language and currency.    -   iii) A list of store IDs that this user is authorized to access.        Associated with each storeID is a list of the user preference        information for this store.    -   iv) A signature for this cookie such as a one-way hash of the        above three parts (will be referred to as the value part) plus        an encryption key unique to the site.

Table 1, below illustrates the format of the authentication and usersession cookies.

TABLE 1 Example of the authentication and user session cookie pairs.Authentication Authentication User Session User Session Cookie NameCookie Value* Cookie Name Cookie Value* AUTH_USERID1 userId1, one-wayUSERSESSION_USERID1 userId1, hash(encryption key + language, currency,userId1 + user1's [storeId A, . . .], timestamp) [storeId B, . . .],one-way hash(encryption key + value part of this cookie) AUTH_USERID2userId2, one-way USERSESSION_USERID2 userId2, hash(encryption key +language, currency, userId2 + user2's [storeId Y, . . .], timestamp)one-way hash(encryption key + value part of this cookie) . . . . . . . .. . . . AUTH_USERIDn userIdn, one-way USERSESSION_USERIDn userIdn,hash(encryption key + language, currency, userIdn + usern's [storeId Z,. . .], timestamp) one-way hash(encryption key + value part of thiscookie)

Cookie values may be encoded to ensure they comply with any restrictedcharacter set requirements as will be understood by persons of ordinaryskill in the art.

Processing a Request

FIG. 4 is a state diagram that illustrates states and transitions 400showing how an e-commerce operation request is processed in a securitydomain in accordance with the exemplary embodiment of the invention byEAS 206. Further details of the operation of EAS 206 and manager 208 areillustrated in FIG. 5. With reference to FIG. 4, the operation on EAS206 invoked by a user request can be broken down in to several parts.

-   -   i) Session Initialization (State 402) determines what user ID        will be used during processing of the request.    -   ii) Command Execution (State 404) comprises the processing of        the business process logic for the e-commerce site, which        processing may result in a change to the user ID, the user        session information or both.        -   iii) Session Commit (State 406) is responsible for            persisting any changes in the authentication information or            user session information to the client browser.    -   iv) Session Rollback (State 408) unwinds any changes that were        made during command execution if an exception occurs, resulting        in the request processing being aborted.        Session initialization (State 402) commences upon receipt of an        HTTP request from the client browser. An HTTP response results        from either of Session Commit (State 406) or Session Rollback        (State 408) and may be written to a response buffer (not shown)        of memory 200 for communicating to the client browser.

In accordance with an aspect of the invention, FIG. 5 illustrates methodsteps 500 of EAS 206 including manager 208, highlighting operations atvarious stages of successful request processing. With reference to FIG.4, steps 502-518 generally illustrate the activities that occur duringsession initialization (Stage 402); step 520 represents commandexecution (Stage 404); and steps 522-530 illustrate a session commit(Stage 408). With reference in greater detail to FIG. 5, requestprocessing that occurs when an operation is invoked in a security domaindefined by EAS 206 and manger 208 is further described.

When an HTTP request arrives at EAS 206 from a client browser (step502), all the cookies in the request are parsed from its header. Theauthentication cookie and its associated user session cookie are pairedtogether to define a single session element. The session elements arestrung together in a list.

The current security domain is determined from information specified inthe URL of the HTTP request (step 502). At Step 506, the session list isiterated to determine if there is a session that already exists for thesecurity domain or if not then does a user from an existing session playa role in the current security domain. If a session does exist,processing continues at step 516.

At step 508, a determination is made whether the command being executedis a generic command and processing continues at step 510 if it isgeneric and otherwise proceeds to step 514. At step 510, the user ID isset to the generic user and at step 512 the user ID and other sessioninformation is made available to the business logic during itsexecution.

At alternate step 514, a new guest user is created before execution ofstep 512. At alternate step 516, as it has been determined that there isan existing session for the domain, the authentication cookie isverified and the user session information is deserialized from thesession cookie. At step 518, if the user ID is a generic type thenprocessing continues at step 508 as previously described. Otherwise,processing continues at step 512 using the information retrieved fromthe cookies.

From step 512, processing continues at step 520 where the business logicis executed. As described above with reference to FIG. 4, the businesslogic may change the user ID or the other session information.

As such, at step 522, changes done during the business logic executionare made available to the session commit. At step 524 a determination ismade whether the user ID was changed in any of the previous steps. Ifthe user ID did not change in the session, processing may end (step526); otherwise, the user ID changed in the session and at step 528, adetermination is made as to whether there was a previous session for thecurrent security domain.

If there was no previous user ID associated with this security domain,manager 208 creates and persists a new session for the user IDassociated with the current security domain (step 530). If a previoussession does exist, it is first deleted (step 532) before executing step530 to clean up the previous session.

Operation of EAS 206 and manager 208 may be further understood by way ofan exemplary user shopping scenario. In accordance with this example,EAS 206 defines exemplary e-commerce shopping mall site 120 asillustrated by FIG. 1B providing stores A and B (122, 124) each definedwithin respective security domains. In further accordance with thisexample, a user has previously registered to stores A and B (122, 124)under different user IDs, namely user ID α in store A 122 and user ID βin store B 124. This exemplary user shopping scenario describesoperation of manager 208 and the cookies it generates while the user 1)shops at store A 122 as a generic user; 2) logs in as user ID α; 3) addsan item to a shopping cart as user ID α; 4) proceeds to store B 124 as aguest; and 5) logs in to store B 124 as user ID β; and 6) logs off storeB 124.

-   1) User Operation: User opens a client browser and accesses store A    at a URL, e.g. shop.ibm.com/ . . .    StoreFront?storeId=A&langId=En&curId=US.    -   Manager Operation: Session Initialization: Determines there is        no current user ID for store A. Sets User ID to Generic User;        Command Execution: performs request processing; Session Commit:        creates and assigns to client browser the AUTH_genericUserId and        USERSESSION_genericUserId cookies:

Authentication Authentication Store Session Store Session Cookie NameCookie Value Cookie Name Cookie Value AUTH_genericUserId genericUserId,USERSESSION_genericUserId genericUserId, one-way English, US dollars,hash(encryption key + [storeId A, . . .], genericUserId + one-waygenericUserId's hash(encryption key + timestamp) value part of thiscookie)

-   2) User Operation: User logins to store A as user ID α.    -   Manager Operation: Session Initialization: UserId for store A        from session is currently genericUserId; Command Execution:        business logic processing results in change of userId; Session        Commit: The AUTH_α and USERSESSION_α cookies below are written        to the response buffer for assigning to the client browser. The        AUTH_genericUserId and USERSESSION_genericUserId cookies are        deleted.

Authentication Authentication Store Session Store Session Cookie NameCookie Value Cookie Name Cookie Value AUTH_α α, one-way USERSESSION_α α,hash(encryption key + Spanish, US dollars, α + α's timestamp) [storeIdA, . . .], one-way hash(encryption key + value part of this cookie)

-   3) User Operation: User adds items to a shopping cart of Store A.    -   Manager Operation: Session Initialization: Current User ID for        store A from session data is α; Command Execution: Request        processing; Session Commit: No changes to cookies.-   4) User Operation: User navigates to store B's page which requires a    guest user ID: e.g. shop.ibm.com/ . . .    StoreFront?storeId=B&langId=En&curId=US    -   Manager Operation: Session Initialization: Cannot reuse the        userId already in the session, thus creates a guest user (e.g.        user ID 123); Command Execution: Request processing; Session        Commit: Cookies updated:

Authentication Authentication Store Session Store Session Cookie NameCookie Value Cookie Name Cookie Value AUTH_α α, one-way USERSESSION_α α,hash(encryption key + Spanish, US dollars, α + α's timestamp) [storeIdA, . . .], one-way hash(encryption key + value part of this cookie)AUTH_123 123, one-way USERSESSION_123 123, hash(encryption key +English, US dollars, 123 + 123's timestamp) [storeId B, . . .], one-wayhash(encryption key + value part of this cookie)

-   5) User Operation: User logons to store B as β.    -   Manager Operation: Session Initialization: The User ID for store        B from this session is currently 123; Command Execution: . . .        business logic processing results in change of identity to β;        Session Commit: AUTH_β and USERSESSION_β cookies are written to        the response buffer and AUTH_(—)123 and USERSESSION_(—)123        cookies are deleted from the client browser.

Authentication Authentication Store Session Store Session Cookie NameCookie Value Cookie Name Cookie Value AUTH_α α, one-way USERSESSION_α α,hash(encryption key + Spanish, US dollars, α + α's timestamp) [storeIdA, . . .], one-way hash(encryption key + value part of this cookie)AUTH_β β, one-way USERSESSION_β β hash(encryption key + French, USdollars, β + β's timestamp) [storeId B, . . . ], one-way hash(encryptionkey + value part of this cookie)

-   6) User Operation: User logs off store B.    -   Manager Operation: Session Initialization: Identity for store B        from session data is β; Command Execution: Request processing        results in logoff; Session Commit The AUTH_β and USERSESSION_β        cookies are deleted on the client browser, for example, by        having manager write these cookies to the response buffer and        setting the cookie age to zero. Also, the value is set as DEL.

Authentication Authentication Store Session Store Session Cookie NameCookie Value Cookie Name Cookie Value AUTH_α α, one-way USERSESSION_α α,hash(encryption key + Spanish, US dollars, α + α's [storeId A, . . .],timestamp) one-way hash(encryption key + value part of this cookie)

As will be appreciated by those skilled in the art, modifications to theabove-described embodiment can be made without departing from theessence of the invention. For example, persons of ordinary skill in theart will appreciate that the generic user type may be adopted forreasons of scalability. Generic users require fewer resources and thesemay be reused. UserIDs and associated types are persisted by thee-commerce site, for example, by storing to an information retrievalsystem such as a database table. In the exemplary embodiment, the tablestores the user ID along with its type, using R to indicate registereduserIDs and using G to represent guest user IDs. However, the genericuser ID is hard coded to a specific number.

While one (or more) embodiment(s) of this invention has been illustratedin the accompanying drawings and described above, it will be evident tothose skilled in the art that changes and modifications may be madetherein without departing from the essence of this invention. All suchmodifications or variations are believed to be within the sphere andscope of the invention as defined by the claims appended hereto. Othermodifications will be apparent to those skilled in the art and,therefore, the invention is defined in the claims.

1. A method for managing multiple user identities for a user of anelectronic commerce (e-commerce) site, the method comprising: definingthe e-commerce site as a plurality of security domains; and in responseto a user's request to invoke an operation of the e-commerce site:identifying a type of user identity being used by the user, whereintypes of user identities comprise a guest identity and a registeredidentity, wherein the guest identity is an unique temporary useridentity assigned to a user for the life of the user's session withinthe security domain, and wherein the registered identity is an uniqueidentity that is reusable across sessions within the security domain;determining if the type of user identity is appropriate to invoke theoperation; responsive to the type of user identity being appropriate toinvoke the operation, determining a security domain of the plurality ofsecurity domains to which the operation relates; selecting a sessionfrom a plurality of sessions based on the determined security domain;and reusing the selected session for the user automatically inaccordance with the determined security domain, the selected sessionbeing associated with a user identity and a role, the user identity andthe role together indicating privileges for invoking operations of thee-commerce site in the determined security domain.
 2. The method ofclaim 1 comprising invoking the requested operation with the useridentity and the role of the selected session.
 3. The method of claim 2wherein the selected session comprises information indicating at leastone of: the user preference's for invoking operations at the e-commercesite; the user's preferences for invoking operations at least for thedetermined security domain; and a security signature for authenticatingthe selected session information.
 4. The method of claim 1 comprisingevaluating the requested operation to determine an operation type andwherein the step of reusing is performed in accordance with theoperation type.
 5. (canceled)
 6. The method of claim 4 wherein the useridentity is associated with an identity type for permitting theinvocation of operations; wherein the method comprises receiving theuser's request in association with the plurality of sessions persistedfor the user and retrieving the user identity for the determinedsecurity domain from the plurality of sessions; and wherein the step ofreusing is performed in response to the identity type of the retrieveduser identity. 7-8. (canceled)
 9. The method of claim 1 comprising:defining each of the plurality of security domains as a hierarchy oforganizations and assets owned by the organizations; and wherein thestep of determining the security domain of the plurality of securitydomains to which the operation relates comprises evaluating the user'srequest in accordance with the hierarchy.
 10. A computer readable mediumtangibly embodying computer executable code for managing multiple useridentities for a user of an electronic commerce (e-commerce) sitedefined using a plurality of security domains, wherein the computerexecutable code, when executed on a computing device, causes thecomputing device to: in response to a user's request to invoke anoperation of the e-commerce site: identify a type of user identity beingused by the user, wherein types of user identities comprise a guestidentity and a registered identity, wherein the guest identity is anunique temporary user identity assigned to a user for the life of theuser's session within the security domain, and wherein the registeredidentity is an unique identity that is reusable across sessions withinthe security domain; determine if the type of user identity isappropriate to invoke the operation; responsive to the type of useridentity being appropriate to invoke the operation, determine a securitydomain of the plurality of security domains to which the operationrelates; select a session from a plurality of sessions based on thedetermined security domain; and reuse the selected session for the userautomatically in accordance with the determined security domain, theselected session being associated with a user identity and a role, theuser identity and the role together indicating privileges for invokingoperations of the e-commerce site in the determined security domain. 11.The computer readable medium of claim 10 comprising code for invokingthe requested operation with the user identity and the role of theselected session.
 12. The computer readable medium of claim 11 whereinthe selected session comprises information indicating at least one of:the user preference's for invoking operations at the e-commerce site;the user's preferences for invoking operations at least for thedetermined security domain; and a security signature for authenticatingthe selected session information.
 13. The computer readable medium ofclaim 10 comprising code for evaluating the requested operation todetermine an operation type and wherein the code for reusing is adaptedto be performed in accordance with the operation type.
 14. (canceled)15. The computer readable medium of claim 13 wherein the user identityis associated with an identity type for permitting the invocation ofoperations; wherein the computer program product comprises code forreceiving the user's request in association with plurality of sessionspersisted for the user and retrieving the user identity for thedetermined security domain from the plurality of sessions; and whereinthe code for reusing is adapted to be performed in response to theidentity type of the retrieved user identity. 16-17. (canceled)
 18. Thecomputer readable medium of claim 10 comprising code for: defining eachof the plurality of security domains as a hierarchy of organizations andassets owned by the organizations; and wherein the code for determiningthe security domain of the plurality of security domains to which theoperation relates is adapted to evaluate the user's request inaccordance with the hierarchy.
 19. A system for managing multiple useridentities for a user of an electronic commerce (e-commerce) sitedefined using a plurality of security domains, the system comprising: anidentity manager component configured to, in response to a user'srequest to invoke an operation of the e-commerce site: identify a typeof user identity being used by the user, wherein types of useridentities comprise a guest identity and a registered identity, whereinthe guest identity is an unique temporary user identity assigned to auser for the life of the user's session within the security domain, andwherein the registered identity is an unique identity that is reusableacross sessions within the security domain; determine if the type ofuser identity is appropriate to invoke the operation; responsive to thetype of user identity being appropriate to invoke the operation,determine a security domain of the plurality of security domains towhich the operation relates; select a session from a plurality ofsessions based on the determined security domain; and reuse the selectedsession for the user automatically in accordance with the determinedsecurity domain, the selected session being associated with a useridentity and a role, the user identity and the role together indicatingprivileges for invoking operations of the e-commerce site in thedetermined security domain.
 20. The system of claim 19 wherein theidentity manager component is adapted to invoke the requested operationwith the user identity and the role of the selected session.
 21. Thesystem of claim 20 wherein the selected session comprises informationindicating at least one of: the user preference's for invokingoperations at the e-commerce site; the user's preferences for invokingoperations at least for the determined security domain; and a securitysignature for authenticating the selected session information.
 22. Thesystem of claim 19 wherein the identity manager component is configuredto evaluate the requested operation to determine an operation type andadapted to reuse the selected session in accordance with the operationtype.
 23. (canceled)
 24. The system of claim 22 wherein the useridentity is associated with an identity type for permitting theinvocation of operations; wherein the identity manager component isadapted to receive the user's request in association with the pluralityof sessions persisted for the user and retrieve the user identity forthe determined security domain from the plurality of sessions; andwherein the identity manager component is adapted to reuse the selectedsession in response to the identity type of the retrieved user identity.25-27. (canceled)
 28. The method of claim 1, further comprising:responsive to the user ending an operation of the e-commerce site,switching the user back to the inappropriate type of user identity. 29.The computer readable medium of claim 10, wherein the computerexecutable code further causes the computing device to: responsive tothe user ending an operation of the e-commerce site, switch the userback to the inappropriate type of user identity.
 30. The system of claim19, further comprising: responsive to the user ending an operation ofthe e-commerce site, switch the user back to the inappropriate type ofuser identity.